
18 Support for Memory Encryption Contexts

The Memory Encryption Contexts feature, FEAT_MEC, provides finer-grained memory encryption contexts, within the Realm physical address space, to be assigned to Realms, with policy controlled by Realm EL2 [2]. This section introduces a comparable feature for the SMMU architecture for interoperability with the MEC PE extension.

In the SMMU, support for Memory Encryption Contexts (MEC) is indicated as follows:

• For Realm state: SMMU_R_IDR3.MEC.
• For Non-secure state in the Non-secure Protected (NSP) PA space: SMMU_ROOT_IDR0.GDI. See 3.25.10 Granular Data Isolation.

If the MEC feature is supported for Realm state, the supported MECID width is indicated in SMMU_R_MECIDR.

SMMU- and client-originated accesses to memory are associated with a MECID that identifies the Memory Encryption Context of the access.

Accesses made by the SMMU or client devices for Secure, Non-secure, and Root PA spaces are issued with the default MECID of zero.

Accesses made by the SMMU or client devices to Realm PA space are associated with a MECID. If SMMU_R_IDR3.MEC is 0 then this is the default MECID of zero. The choice of MECID depends on the type of access, as described in the descriptions of SMMU_R_GMECID and STE.MECID.

The MECID width for Non-secure accesses with PM = 1 is defined by SMMU_MECIDR.

If an SMMU without the Realm programming interface is integrated in a system that supports MEC, all client- and SMMU-originated Realm accesses for that SMMU are treated as having the default MECID of zero.

Note: This revision of the SMMU architecture does not support Alternative MECID values, and use of a descriptor with the AMEC bit set to 1 causes F_TRANSLATION.

ARM IHI 0070 H.a Copyright © 2016-2026 Arm Limited or its affiliates. All rights reserved. Non-confidential

Note: The MEC feature introduces a translation table descriptor bit, AMEC, in both:

• Bit[63] in stage 2 Page and Block descriptors for the Realm EL1&0 translation regime.
• Bit[63] in stage 1 Page and Block descriptors for the Realm EL2 and EL2&0 translation regimes.

If SMMU_R_IDR3.MEC == 1 and a Realm translation requires use of a descriptor with the AMEC field set to 1, it is treated as F_TRANSLATION at the stage of translation that had AMEC set to 1.

Note: For both descriptor formats, the AMEC field is RES0 and treated as 0 if the NS field in the descriptor is 1. In this case it does not trigger F_TRANSLATION.

If SMMU_R_IDR3.MEC == 0, the AMEC field is RES0 and does not trigger F_TRANSLATION.

The SMMU tags transactions to the NSP PA space with a MECID supplied by a Non-secure client as follows:

• If a Non-secure client access with PM = 1 specifies a MECID and the access is to the NSP PA space, then it is issued with the supplied MECID.
• Otherwise, an access to the NSP PA space is issued with the default MECID of zero.

Note: This behavior is supported if SMMU_ROOT_IDR0.GDI is 1, and is not affected by any SMMU register field or descriptor field. For example, it is not affected by the value of SMMU_R_IDR3.MEC.

Accesses made by NoStreamID client devices to Realm, SA or NSP PA space are associated with a MECID provided by the NoStreamID device in an IMPLEMENTATION DEFINED manner.
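The MECID selection and AMEC fault rules in this chapter can be condensed into a small reference model, useful when reviewing an SMMU integration or writing checks for a simulator. This is an added example, not text or code from the Arm specification. The struct and function names are hypothetical, the Realm MECID is taken as an already-selected input (the SMMU_R_GMECID and STE.MECID selection rules are described elsewhere), the 16-bit MECID type is a modelling choice, and NoStreamID and SA accesses are left out because they are IMPLEMENTATION DEFINED.

```c
#include <stdbool.h>
#include <stdint.h>

/* Target PA spaces covered by the rules in this chapter. */
enum pa_space { PAS_SECURE, PAS_NONSECURE, PAS_ROOT, PAS_REALM, PAS_NSP };

struct smmu_caps {            /* hypothetical model of the ID fields */
    bool has_realm_if;        /* SMMU implements the Realm programming interface */
    bool r_idr3_mec;          /* SMMU_R_IDR3.MEC */
    bool root_idr0_gdi;       /* SMMU_ROOT_IDR0.GDI */
};

struct access {               /* hypothetical description of one access */
    enum pa_space pas;
    bool ns_client_pm;        /* Non-secure client access with PM = 1 */
    bool has_client_mecid;    /* the client specified a MECID */
    uint16_t client_mecid;
    uint16_t realm_mecid;     /* value chosen from SMMU_R_GMECID or STE.MECID */
};

/* MECID that the access is issued with. */
uint16_t issued_mecid(const struct smmu_caps *c, const struct access *a)
{
    switch (a->pas) {
    case PAS_REALM:
        /* No Realm interface, or MEC == 0: default MECID of zero. */
        return (c->has_realm_if && c->r_idr3_mec) ? a->realm_mecid : 0;
    case PAS_NSP:
        /* Depends only on GDI, never on SMMU_R_IDR3.MEC.
         * Returning 0 when GDI == 0 is an assumption of this model. */
        if (c->root_idr0_gdi && a->ns_client_pm && a->has_client_mecid)
            return a->client_mecid;
        return 0;
    default:
        return 0;             /* Secure, Non-secure and Root PA spaces */
    }
}

/* True when a Realm translation using this descriptor gives F_TRANSLATION. */
bool amec_faults(const struct smmu_caps *c, bool desc_amec, bool desc_ns)
{
    if (!c->r_idr3_mec)
        return false;         /* AMEC is RES0 */
    if (desc_ns)
        return false;         /* AMEC is RES0 and treated as 0 when NS == 1 */
    return desc_amec;
}
```

The case worth exercising in a test bench is an NSP access on an SMMU with SMMU_R_IDR3.MEC == 0 and SMMU_ROOT_IDR0.GDI == 1: the client-supplied MECID must still reach memory.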